Develop extensions to the Liberty profile security infrastructure
The Liberty profile server provides various plug-in points so that we can extend the security infrastructure.
The following topics are covered in this section:
- Follow the instructions in Develop a custom TAI to develop custom trust association interceptors (TAI) to extend the security infrastructure of Liberty profile server.
- Follow the instructions in Develop JAAS custom login modules for a system login configuration to develop JAAS custom login modules to extend the security infrastructure of Liberty profile server.
Subtopics
- Develop a custom TAI
We can develop a custom trust association interceptor (TAI) class by implementing the com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface provided in the Liberty profile server.
- Develop JAAS custom login modules for a system login configuration
For a Liberty profile server, multiple Java Authentication and Authorization Service (JAAS) plug-in points exist for configuring system logins. The Liberty profile uses system login configurations to authenticate incoming requests. We can develop a custom JAAS login module to add information to the Subject of a system login configuration.
- Customize an application login to perform an identity assertion using JAAS
We can use the Java Authentication and Authorization Service (JAAS) login framework to create a JAAS login configuration that can be used to perform login to an identity assertion on the Liberty profile.
- Develop a custom user registry
We can develop a custom user registry class by implementing the com.ibm.websphere.security.UserRegistry interface provided in the Liberty profile server.
- Develop a custom thread identity service
We can develop a custom thread identity service class by implementing the com.ibm.wsspi.kernel.security.thread.ThreadIdentityService interface that is provided in the Liberty profile server. The ThreadIdentityService interface is a Service Programming Interface (SPI) that enables support to receive notifications of user identity switches.
Parent topic: Secure the Liberty profile and its applications